Microsoft Outlook Window Opener Script Execution

2004-07-11T00:00:00
ID OSVDB:7778
Type osvdb
Reporter Paul(paul@greyhats.cjb.net)
Modified 2004-07-11T00:00:00

Description

Vulnerability Description

Outlook Express contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker sends a specially crafted HTML email message accessing a window object other than the window.document object. It is possible that the flaw may execute arbitrary code at the privilege of the targeted user resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Outlook Express contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker sends a specially crafted HTML email message accessing a window object other than the window.document object. It is possible that the flaw may execute arbitrary code at the privilege of the targeted user resulting in a loss of integrity.

References:

Other Advisory URL: http://freehost07.websamba.com/greyhats/msoeexecscript-discussion.htm Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0099.html Keyword: MSOE Javascript Execution Vulnerability ISS X-Force ID: 16708 Generic Exploit URL: http://freehost07.websamba.com/greyhats/msoeexecscript.htm Bugtraq ID: 10692